IFRAME TAGS: CNET.com Alert

I’m finding it really annyoing now when my friend tries to send me e-mails from CNET.com and these messages are being reported as suspicious…all the time. :frowning:

What is it about this message that I can’t post that’s suspicious? ???

What she is doing my friend is she’s going to CNET.com to measure her bandwidth, then copying the whole page by selecting the ENTIRE HTML content select, copy and sending it to me VIA e-mail in it’s entire HTML format. paste

LOL, she does this to rub in my face how much FASTER her Rogers Cable is compared to my DSL line. ::slight_smile: ;D

When Avast E-mail scanner scans the message…it warns me of it being suspicious. :-\

sighs… Okay… :wink: It’s NOT THAT BIG A DEAL guys, I know. But why does avast not like CNET’s ITAG headers in e-mails sent to my POP8 address?

I like how Avast is being EXTRA pre-cautious…but these e-mails hold no threat as they come from CNET.com’s speed testing site.

I deleted the messages…just in case and scanned my system to be sure, and returned NEGATIVE results. I deleted the e-mail too. I know they are not infected with anything.

I don’t even understand what IFRAME TAGs are?

All you need to do to verify the same FALSE ALERT is to go to CNET.com, run a bandwidth test…and when the results page appears… copy, then paste and send the ENTIRE message in it’s true HTML form to somebody who runs Avast4Home with the e-mail scanner.

The suspicious alert will appear.
Is it something that I need to do… or is it something Avast will look into so that the alert does not need to happen?

Just wanted to post my findings on something I have no clue about.

heh! I must admit, I have no idea what IFRAME TAGS are?? :-[

Kindest Regards,
~Steele Wolf~

Steele,

PART I:
Remember one thing…Avast is designed to protect you from known and “suspicious” downloads, emails and web page links.
Avast has nothing against CNET. That’s silly. Avast sees the IFrame structure, tags within an HTML message and challenges it because of the similarity in the manner that a virus is transmitted.
Avast has a heuristic detection system that scans for anything that “might” be an unknown virus not contained in the virus database.

You can go into the Standard Shield, and Internet Mail modules and change the sensitivity levels of the module, and the heuristic scanner if you want (You’ll find them under the Customize button). This may lessen the “rejection” rate, but also leaves you open to a virus.
Your choice.

PART II:
Frames, when used sensibly, can be a great tool for presenting a complex site. Unfortunately, they’ve always been sort of boxy and constraining, doomed as they are to dwell in and along the corners of a browser. But all that changed with the introduction of the inline frame, or iframe for short.
What’s so special about iframes again? Ah, yes, the floating thing. An iframe isn’t bound to the side of a browser window. No way. Just like an image, a floating frame can sit anywhere on the page. It goes where it wants to go and calls in what it wants to call in. In every sense, a liberated frame for the new millennium. (quoted Zach Waller)

Good luck,
Techie

Hey Techie:

No. I know Avast has nothing against CNET.com TAGS.
I said that because it’s the only one I have encountered issues with.

And it’s cool.

I WANT to be notified of those kinds of “possible” positive viruses.

I was only curious as I don’t understand what ITAGS are.

Nevertheless… I’m thinkin’ I’ll get use to it.
Keep in mind I’ve never encountered it before…or at least as much.
Thanks for the PART II lesson!
I didn’t catch that before I posted my responce.
Some sneaky stuff those ITAGS! ;D

Kindest Regards,
~Steele Wolf~

Steele,

Yes, Avast is a wonderful program. It does have its little querks, but well worth putting up with them.

I would rather be overcautious then get hit with a virus that wipes out my system.

You are correct…those little IFrames are tricky little guys!
Glad you enjoyed lesson in Part II.

Good luck,
Techie

You can always put the CNet servers to the IFrame exception list. That’s why we added this feature about a year ago – some legitimate mails (mostly newsletters with ads) use the IFrame feature… :-\

See the Heuristics tab in the Configuration section of your mail (either Internet Mail or Outlook/Express, depending on which mail client you use) provider…

Vlk

I am an X-AntiVirus user who was quite UP there in the boards.
http://www.free-av.com/

I liked it at first because I was unaware at the time that Avast4Home was free. Both are NOT a TIMED 30day evaluation. ;D

I argued A LOT with the mods and tech support over there.
They had to get their act together on certain issues. For one thing… they claim that all e-mail, P2P, IM messages are scanned via the resident protection red umbrella

Do you think that is true? Nope.

Plus their English support was very limited.
Unfortunate.
I know it’s a German website… but… You know what? If you’re going to provide an ENGLISH speaking/writing tech support forum, then you have to provide FULL support for the language.

Try figuring out how to sign up an account with FreeAV… it ain’t easy.
So I gave up… walked out… and came STR8 here after hunting for a good free AV I could use at home on my personal PC.

I have YET to be dissapointed!
If I ever have a question… it’s answered in minutes!! :o ;D

What I like about Avast that I could never recieve in a free anti virus program before is how they allow passes of all your POP8 mail through their antivirus servers scanning for possible infections. This is still so amazing to me because I could not find this in any other free AV program at that time. It has 5 resident protection providers all running at once…each checking for SPECIFIC things, running different types of protection…all running… all at the same time.

WICKED. 8)
I’m one big impressed wolf!!
~Steele~
;D

Thanks Steele, greetings to Nome!

BTW Is it always freezing over there? :slight_smile:

Great suggestion VLK! ;D

I actually DO remember seeing that before but choose to delete the message thinking it would not happen again…
Sure enough it did.

The reason why I’m not going to exclude it is because the e-mails are not comming directly FROM CNET.com. Yes, the HTML code in the e-mail is… but because of the fact that my friend is first copying it and sending it from HER own computer, leads me to believe I should not touch that option just yet, or at all.

It’s a pop-up warning I think I’ll begin to appriaciate soon enough.
You can NEVER have too much protection.

Thanks again Techie and VLK… now…yawn… it’s time 4 sleep!! ;D

Kind Regards,
~Steele Wolf~

VLK: Nome? ;D That’s one thing I need to change about my profile. I want to visit Alaska SO MUCH… along with Nome. Unfortunately that’s not where I live. ::slight_smile: I will change that info to the correct location tomorrow. :wink: That’s the location I would not mind living.

It doesn’t matter that your friend is actually forwarding the e-mails. What counts is the URL inside the IFrame - something your friend will hardly change… :slight_smile:

BTW So you must still be on the West coast (or nearby) OR are a very very night owl… :wink: ;D

:stuck_out_tongue:

Your right again me thinks! ;D

Very true, there would be no point in altering it, nor would she.

Thanks!

…time zone -5:00 EASTERN time?..not so western after all?
Not even CLOSE VLK!! I’m up too late again…I love staying up LATE though…the cool night air… the peace…the silence…awesome. :slight_smile:

Hi again…

I just thought I’d touch upon why iframes in emails are classed as suspicious which I haven’t seen mentioned in the thread…

As Techie101 said, iframes are a totally valid way of displaying HTML content.

Recent worms such as Netsky.Q are moving away from using file attachments in emails (which have to be opened by the recipient) and are now exploiting a vunerability in MS Outlook / Outlook Express.
This vunerability can allow the automatic loading of the content of a malicious iframe in an HTML formatted email… allowing the worm to run as soon as the email is displayed in Outlook / OE.

So there ya go :smiley:

Excellent explanation vinbob. :slight_smile:

One important thing I recommend is to either set Outlook Express 6 to download and display ALL messages in TEXT format. That will eliminate ANY images from loading. You are VERY safe that way. But your e-mails become…pretty boring looking. :stuck_out_tongue:

If you do not wish to go THAT far… you can choose NOT to use the image preview pane which downloads and loads your e-mail messages automatically when you click on the subject line of the suspicious e-mail.

Another “mild” protection feature is to continue using the preview pane… but to select an option that will prevent Outlook Express 6 from downloading the messages right away when you click on the e-mail subject. Instead… what will appear in the preview pane is:

Outlook Express has not yet downloaded this message.
Click HERE to download the message, or press the space bar.

I like that option! :smiley:
But it only seems to work with the HTTP:// Hotmail protocal. I can’t get it to work in Outlook Express 6 using the POP8 retrieval protocal. If you use Outlook Express with Hotmail… you will ALSO find that Avast will not protect this account unfortunatley. :frowning: Plus one nifty feature in Hotmail you can set up is to BLOCK the loading of ANY and ALL images that acompany an e-mail. You may then review the e-mail with the images missing…then choose to load them at a later time.

AN EXCELLENT IDEA! And a feature I use all the time when I login through my web browser.

NOTE: For some reason… any e-mail you download through Outlook Express 6 from Hotmail, even if you turn on the feature to BLOCK ALL IMAGES FROM LOADING will STILL reveal all the images. It’s lame.

This makes the feature TOTALY useless if you continue to use Outlook Express 6 like I do. >:(

This is something that MSN Hotmail.com needs to be aware of and look into for their users who use Outlook Express 6 to retrieve mail from their servers. >:(

You are better protected by logging into Hotmail through the web-browser of your choice.

It’s unfortunate. :frowning: